104 matches found
CVE-2022-31011
Summary: CVE-2022-31011 affects PingCAP TiDB HTAP database. Under certain conditions, an attacker can craft malicious authentication requests to bypass authentication, causing privilege escalation or unauthorized access. The vulnerability specifically impacts TiDB 5.3.0; a patch is available in T...
CVE-2022-31011 TiDB authentication bypass vulnerability
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
CVE-2022-31011 TiDB authentication bypass vulnerability
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
CVE-2022-31011 TiDB authentication bypass vulnerability
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
PingCAP TiDB 授权问题漏洞
PingCAP TiDB is an open source, cloud-native, distributed, MySQL-compatible database for elastic scaling and real-time analytics from China-based PingCAP. PingCAP TiDB version 5.3.0 suffers from an authorization issue vulnerability, which stems from a problem with application rights management. A...
Authentication Bypass
github.com/pingcap/tidb is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly restrict the access path, allowing an attacker to bypass the authentication process by providing malicious authentication requests, resulting in privilege escalation or...
Data Source Name Injection
Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...
SQL Injection
storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allows an attacker to inject and execute arbitrary SQL statements...
SQL Injection in Apache SkyWalking
Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
GHSA-GRPF-GG7V-5G5H SQL Injection in Apache SkyWalking
Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
Sql injection
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-9483
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...
Sql injection
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...
CVE-2020-9483
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...